Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-3587 SAML support for JAX-RS endpoints
  3. CXF-3588

Validate SAML assertions targeted at JAX-RS endpoints

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.5
    • 2.5
    • JAX-RS
    • None

    Description

      This task is about ensuring that SAML assertions can be validated either in-place, example by checking the assertion signature against a client cert in case of two-way TLS or by delegating to STS client for confirming it recognizes the assertion which it must've issued in the first place.

      How SAML assertion will be associated with the current request is not yet finalized. SAML HTTP POST binding offers the way to pass it via a form submission. Or we can get an artifact representing an STS response containing the assertion passed in and then get a compliant IDP resolve the artifact (vis STS). Or use a header and effectively create another SAML HTTP binding. Etc...

      Attachments

        Activity

          People

            sergey_beryozkin Sergey Beryozkin
            sergey_beryozkin Sergey Beryozkin
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: